Skip to main content
v2026.1714 entries · CC-BY 4.0
CiteLicenceEN-GB
CASRAI

Definition · Plain-language

Right to be forgotten

The right to be forgotten, formally the right to erasure, is the GDPR right allowing individuals to have their personal data deleted in defined circumstances.

CASRAI research-methods explainer — Right to be forgotten

The step most authors miss

Doing CRediT right? Don’t stop at the statement.

A CRediT statement credits you inside one paper. The recognition CRediT was built for happens when those roles are tied to you, persistently. Sign in with your ORCID — free — and claim your CRediT contributions on casrai.org, the home of the standard. They become a verified, portable part of your identity, not a line that disappears into one PDF.

Free: claim your contributions, then export a journal-ready CRediT statement, schema.org structured data, JATS XML, CSV or BibTeX — and preview your public profile. A membership publishes that profile publicly and verifies the journals you serve.

Sign in with ORCID — free Why this matters →

What the right covers

The right to erasure, set out in GDPR Article 17 and commonly called the right to be forgotten, allows an individual to request deletion of their personal data in specified situations. These include where the data is no longer necessary for the purpose it was collected, where the person withdraws consent and there is no other lawful basis, where they object to processing and there are no overriding grounds, where the data was processed unlawfully, or where erasure is required to comply with a legal obligation. When one of these conditions applies, the controller must delete the data without undue delay.

A right that is not absolute

The right to be forgotten is qualified rather than a blanket right to demand deletion. Article 17 lists circumstances in which it does not apply — for instance where processing is necessary for freedom of expression and information, for compliance with a legal obligation, for reasons of public interest in public health, for archiving, scientific or historical research and statistical purposes, or for the establishment or defence of legal claims. So a request can lawfully be refused where a recognised exemption applies, and the practical effect always depends on the specific context.

Origins and research relevance

The phrase entered wide use after a 2014 Court of Justice of the European Union ruling concerning search-engine results, before being codified in the GDPR. For research, the erasure right interacts with the research exemption: where deletion would seriously impair the objectives of legitimate scientific research, the right may be limited, subject to appropriate safeguards. This is one reason anonymisation matters — once data is genuinely anonymised, it is no longer personal data, so the erasure right, like other data subject rights, generally no longer applies to it.

Key facts

At a glance

  • Definition: the right to have personal data erased in certain circumstances
  • Formal name: the right to erasure
  • Source: GDPR Article 17
  • Applies when: data no longer needed, consent withdrawn, unlawful processing and more
  • Not absolute: exemptions include legal obligation, public interest and research
  • Anonymised data: outside the right, as it is no longer personal data

Common misconceptions

What people often get wrong

Often heard: The right to be forgotten lets anyone demand deletion of any data at any time.

Actually: The right to erasure applies only in the circumstances listed in GDPR Article 17 and is subject to exemptions. It is a qualified right, not an unconditional power to have any data deleted on demand.

Often heard: The right to be forgotten and the right to erasure are different rights.

Actually: They are the same right. Right to be forgotten is the popular name; right to erasure is the formal term used in GDPR Article 17. The two describe one and the same provision.

Often heard: Research data must always be deleted on an erasure request.

Actually: The GDPR provides an exemption where erasure would seriously impair legitimate scientific research objectives, subject to safeguards. So research data is not automatically subject to deletion when an erasure request is made.

Going deeper

Related CASRAI guidance

GDPRConsent managementData minimisationPrivacy by designData anonymisationStandards dictionary

Referenced across the research world

University of Cambridge logoColumbia University logoUniversity of Edinburgh logoHarvard University logoUniversity of Oxford logoPrinceton University logoStanford School of Medicine logoUniversity College London logoORCID logoCrossref logoUniversity of Cambridge logoColumbia University logoUniversity of Edinburgh logoHarvard University logoUniversity of Oxford logoPrinceton University logoStanford School of Medicine logoUniversity College London logoORCID logoCrossref logo
  • University of Cambridge logo
  • Columbia University logo
  • University of Edinburgh logo
  • Harvard University logo
  • University of Oxford logo
  • Princeton University logo
  • Stanford School of Medicine logo
  • University College London logo
  • ORCID logo
  • Crossref logo

View CASRAI adoption →